1 files changed, 2 insertions, 30 deletions

diff --git a/seccomp/arm/9p_device.policy b/seccomp/arm/9p_device.policy
index c1c3aea..b3167b9 100644
--- a/seccomp/arm/9p_device.policy
+++ b/seccomp/arm/9p_device.policy
@@ -2,56 +2,28 @@
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
-write: 1
-recv: 1
-read: 1
-epoll_wait: 1
+@include /usr/share/policy/crosvm/common_device.policy
+
 pread64: 1
 pwrite64: 1
 lstat64: 1
 stat64: 1
-close: 1
-prctl: arg0 == PR_SET_NAME
 open: 1
 openat: 1
 fstat64: 1
-# ioctl(fd, FIOCLEX, 0) is equivalent to fcntl(fd, F_SETFD, FD_CLOEXEC).
 ioctl: arg1 == FIOCLEX
 getdents64: 1
 fdatasync: 1
 fsync: 1
-# Disallow mmap with PROT_EXEC set.  The syntax here doesn't allow bit
-# negation, thus the manually negated mask constant.
-mmap2: arg2 in 0xfffffffb
-mprotect: arg2 in 0xfffffffb
-sigaltstack: 1
-munmap: 1
 mkdir: 1
 rmdir: 1
-epoll_ctl: 1
 rename: 1
 writev: 1
 link: 1
 unlink: 1
-restart_syscall: 1
-exit: 1
-rt_sigreturn: 1
-epoll_create1: 1
-sched_getaffinity: 1
-dup: 1
-# Disallow clone's other than new threads.
-clone: arg0 & 0x00010000
-set_robust_list: 1
-exit_group: 1
 socket: arg0 == AF_UNIX
-futex: 1
-eventfd2: 1
-mremap: 1
-# Allow MADV_DONTDUMP and MADV_DONTNEED only.
-madvise: arg2 == 0x00000010 || arg2 == 0x00000004
 utimensat: 1
 ftruncate64: 1
 fchown: arg1 == 0xffffffff && arg2 == 0xffffffff
 statfs64: 1
 fstatat64: 1
-getpid: 1